Date: Thu, 13 Dec 2001 23:35:24 +0200 From: "Dave Raven" <dave@raven.za.net> To: <freebsd-security@FreeBSD.ORG> Subject: Re: Question about port 50000 Message-ID: <004301c1841e$1450a7c0$3800a8c0@DAVE> References: <ronan@melim.com.br058d01c183ef$ce77e1b0$2aa8a8c0@melim.com.br><200112131742.fBDHgho79388@green.bikeshed.org> <20011213220407.5ac73e37.kzaraska@student.uci.agh.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Not sure if this has been shown, but how about a
sockstat |grep 50000
----- Original Message -----
From: "Krzysztof Zaraska" <kzaraska@student.uci.agh.edu.pl>
To: "Brian F. Feldman" <green@FreeBSD.ORG>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, December 13, 2001 11:04 PM
Subject: Re: Question about port 50000
On Thu, 13 Dec 2001 12:42:43 -0500 Brian F. Feldman wrote:
> > Itīs really weird,
> > Openssh from FreeBSD-4.4 is vulnerable, do you have Openssh istalled?
>
> No, OpenSSH is vulnerable if you for some reason had enabled UseLogin.
> There's no reason to have done that...
...and the hostile user must have a valid account. So this not a
remote-root exploit per se.
Krzysztof
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004301c1841e$1450a7c0$3800a8c0>